How can i check the Source of Authentification, LDAP vs. local User

1letter · February 5, 2018, 4:27pm

How can i identify the authentification method/source of the User. What i mean is: How can i check that the authenticated User is a "LDAP"-User or a normal Plone User. Is it possible (I think it is), but i don't know how? Has anyone a little tip for me?

zopyx · February 5, 2018, 5:07pm

I use this code:

def is_plone_account(self):
    """ User name of current logged in user """
    username = self.current_username
    acl_users = plone.api.portal.get_tool('acl_users')
    return acl_users.getUser(username) is not None

Andreas

dieter · February 5, 2018, 5:44pm

I do not think that there is a general and easy way to distinguish between various user types authenticated by the same acl_users - e.g. LDAP users and local Plone users.

In your special case, you might be able to distinguish between the user types if they provide distinguishing properties (e.g. an LDAP user may have a property not available for a local user or vice versa).

If your integrated user sources all provide the IUserEnumerationPlugin (which is quite likely), you could emulate the execution of Products.PluggableAuthService.PluggableAuthService.PluggableAuthService.getUser[ById] to return the first enumerator plugin that recognizes the current user. You would use internal implementation details (which, of course, could break in the future).

1letter · February 6, 2018, 8:03am

@zopyx: Your solution doesn't match for me. I get for both Users a Value.

zopyx · February 6, 2018, 8:22am

Not sure why this works for us but perhaps try to call getUser() on context.acl_users.user_source ( or source_users..check the spelling in the ZMI). This will limit the lookup to the local user folder of Plone.

1letter · February 6, 2018, 9:26am

Edit: Solution for me:

from Products.PlonePAS.interfaces.plugins import IUserIntrospection

def is_plone_user(form):
    portal = api.portal.get()
    user = api.user.get_current().getUser()
    acl_users = api.portal.get_tool('acl_users')
    introspectors = acl_users.plugins.listPlugins(IUserIntrospection)
    is_source_user = False
    
    for introspector_id, introspector in introspectors:
        if introspector_id == "source_users":
            is_source_user = (user.getUserId() in list(introspector.getUserIds()))            
            break
    
    return is_source_user

Thanks for the Tips. I have edited my solution for a better performance.

zopyx · February 6, 2018, 10:50am

You do not have to iterate over all users..you look up a user in O(1) using getUserById().

pbauer · February 6, 2018, 3:33pm

For groups I check if a group is from ldap, not from plone (works fine with pas.plugins.ldap):

def is_ldap_group(group):
    actual = group.getGroup()
    return 'pasldap' in actual._propertysheets